The team behind the Samba Project has released version 4.0 of its open source Windows interoperability software suite, the first version to offer full compatibility with Microsoft's Active Directory protocols.
The Samba stack is by far the most popular solution for networking non-Microsoft platforms with Windows machines, but …

I reluctantly raise my hat

Re: I reluctantly raise my hat

You mean credit for compling with the EU mandate to open up their protocols? That was April 2007.

Glad to see this finally come to fruition, but nearly six years seems like a bit long to play catch-up to Windows Server 2008. Server 2012 was just released, so Samba 4.0 is still behind the 8-ball (no doubt, crouching to avoid the chairs thrown from Redmond).

Re: I reluctantly raise my hat

>more Linux servers were bought and gradually they displaced unix and windows servers.

This trend has reversed. You're not factoring that vast numbers of Linux VMs now run on Windows Azure - as does pretty much all the iOS/Apple online ecosystem. Peel back the layers and you'll find Microsoft stickers on a greater % of servers than 5 years ago.

@Captain Save-a-ho - Re: I reluctantly raise my hat

From Samba Team press release :

[quote] The Samba 4.0 Active Directory Compatible Server was created with help from the official protocol documentation published by Microsoft Corporation and the Samba Team would like acknowledge the documentation help and interoperability testing by Microsoft engineers that made our implementation interoperable. [/quote]

I'm fully aware about the EU ruling. My remark was about interoperability testing performed by Microsoft engineers.

@AC 13:45GMT - Re: I reluctantly raise my hat

Microsoft Lock In

Re: Microsoft Lock In

And the Microsoft Lock In still stands and shall stand.

This is GPL3 so do not expect to see it in a commercial "all in one" product shipped in a "user friendly" wrap which your average SME can use. It is definitely not making its way into any NAS or "pre-baked" SME server.

Having it in RHEL, Ubuntu, etc is nice of course. However, let's be real - it is will find it difficult to be widely adopted. Large enterprises have stopped using Windows storage and networking altogether. A lot of them use third party AAA systems too. Small enterprises mostly do not have IT nowdays. They are served by external shops which will not put this in place as this undermines their pricing (and justification for re-financing their Microsoft certs). The only place where this may possibly go is the odd SME shop that still has an IT dept which also needs to have a clue. That is a top order in this day and age. This leaves a very small segment of the market interested in this.

So while a great achievement it is a bit too late and it is licensed in a way where it cannot dent Microsoft the monopoly. Take a bazooka, load a GPLv3 versioned rocket in it, aim at foot, fire. Just to put my point further - if it was not for GPL3, Samba would have still continued to ship with every Apple out there. _THAT_ would have done a serious dent in MSFT monopoly as shops which run hybrid environments are much more interested in reducing their MSFT dependence. Oh well... time to go under my bridge... Wake me up when a non-GPL3 implementation is released, I may actually put it into a product and ship it.

Re: Microsoft Lock In

Re: Microsoft Lock In

@AC 07:18GMT - Re: Microsoft Lock In

Your last sentence finally revealed why you hate GPLv3 so much. You'd like a license which will allow you to pilfer ten years of work spent by Samba team trying to come up with this software, turn it up proprietary in a blink of an eye and monetize it. We all know how Apple used BSD software for free, made billions and never bothered to send a mere 50 cent thank you postcard to those developers.

In your opinion if GPLv3 software can't be sold, nobody will use it. You are right, go under your bridge but please try to stay there for longer periods of time.

Re: @AC 07:18GMT - Microsoft Lock In

If it was GPL2 it could have been bought, sold and supported same as any other software. It would have had companies contributing to it. GPL3 is not a software license any more - it is a political anti-patent system statement. It offers _NO_ extra licensing protection and it has failed to offer any of its misguided patent litigation protection either because no company with any IPR worth mentioning has shipped a GPL3 product.

So if the Samba project stuck to GPL2 it would have been protected same as now and had more people contributing to it. It would have shipped in tens of product by end of next year and would have had developers contributing to it. As it stands - it will not (so it is not surprising it needs 10+ years between major releases).

@AC 17:21GMT - Re: @AC 07:18GMT - Microsoft Lock In

Bought, sold... see what I mean ? Version 3 of GPL came to life because too many companies were looking to poke holes in the GPLv2 protection. Think TiVo.

As for IPR, you're dead wrong here, my friend. Any version of GPL forbid you to distribute patent encumbered FOSS software. It's just that in v2 the enforcement was not that perfect, this is why a lot of companies (Microsoft comes first to mind) whine against version 3. GPL v3 is like version 2 but with added teeth and claws.

Just stick with proprietary licensed software, you seem to understand it better than GPL.

Re: Microsoft Lock In

Stop the anti-GPLv3 fud, it won't wash here. I was on one of the committees tasked with creating the GPLv3 and I can tell you it's a *better* license for shippinging commercial FLOSS product than GPLv2. If you don't believe me believe IBM, EMC, Symantec, Dell, etc. All of whom ship and support enterprise storage products based on GPLv3 Samba code.

Vivat Penguina!

Amazing news...

...but let's see the performance numbers - high-end performance (multiple 10GbE) over CIFS/SMB2.x sucked even from Microsoft itself and while they have fixed things in SMB3/Server 2012 and it is indeed a lot faster I will probably wait for Samba 4's update to full SMB3.0 support (with fingers crossed, of course.)

Re: Amazing news...

The latest Linux kernel, released today comes with experimental SMB2, so it might be a while before we see v3. I'm guessing most Samab4 installs aren't going to see that kind of hardware, and instead will more in the SME that doesn't have volume license agreements.

What a waste of time

If you want an AD server in your environment, go out and buy the licence and get over it. Sure, use your Samba implementation for your file shares, but why all this effort on reinventing the wheel?

Oh, right, *gasp*, Microsoft's implementation of LDAP + kerberos is actually easily maintainable and works in enterprise environments. There has been nothing stopping these earnest Unix admins from rolling their own LDAP implementations, but if anyone has been involved in one of those from the ground up, you know it's a horror story.

AD server - install, add user + computer accounts, and it "just works" (with apologies to the Jobs-ites). Ok, I do see where if you're in a single small/home office, saving the OMG $500 on an unsupported solution might seem to stack up financially, or if you have expensive Unix gurus on tap who can get all low-level with their troubleshooting and fault-fixing.

For most environments, buying something you can get vendor support for is just common sense. I'm sure Red Hat or Suse will be releasing Samba 4 in due course with their offerings... and have you seen how much a full RH licence costs?

I'll take it all back if the opensource implementation gives you vastly improved performance benefits without any additional administrative overhead compared to a standard MS implementation... but I haven't yet seen any analysis along those lines.

Re: What a waste of time

I'm excited about the prospect of using it for the home network. All my windows copies are Pro, and an AD network is a whole lot easier to maintain then standalone boxes. That, and I'm the Unix guru too.

Re: What a waste of time

You' re missing the point. The "free" in free software isn't about the money, it's about the freedom and control. The only thing I can say FOR SURE about what people will use the Samba 4 AD server for is that they'll want to do things with it that we in the Samba Team haven't thought of yet.

That flexibility is priceless. No one cares about spending the money, it's about doing things that are simply not possible with a Windows AD controller because you Don' get the source code.

Re: What a waste of time

Most NAS devices use linux & samba and many organizations use one or more NAS as file server(s) without additional administrative overhead. It's efficient and inexpensive and probably causes Microsoft to lower the price of entry versions of Windows Server. An improved Samba is all win for everyone. Samba.org shows quite a few vendors that use Samba as part of a greater product.

Re: What a waste of time

@Trixr

"Oh, right, *gasp*, Microsoft's implementation of LDAP + kerberos is actually easily maintainable and works in enterprise environments. There has been nothing stopping these earnest Unix admins from rolling their own LDAP implementations, but if anyone has been involved in one of those from the ground up, you know it's a horror story."

It is ironic indeed that it needed one of the most proprietary companies in the world to make something good out of open standards like LDAP and Kerberos. It really goes to show how important good design and forethought are in these matters. MS did a really good job of it, so good in fact that they had created a technical (and thus commercial) monopoly. Still, I think they deserve the money that they make from it, especially as they seem to be playing ball with the SAMBA crew.

@Jeremy Allison,

"You' re missing the point. The "free" in free software isn't about the money, it's about the freedom and control. The only thing I can say FOR SURE about what people will use the Samba 4 AD server for is that they'll want to do things with it that we in the Samba Team haven't thought of yet."

I applaud the efforts of the SAMBA team, you've done a really impressive job. However, please don't over egg the 'free' pudding. In practise almost no one else is going to take the lid off the SAMBA source code. It's too hard for most to get 'in' on someone else's software, free or otherwise, especially when it's so big and complicated. What most people actually want is something that works. AD is a standard of sorts, so "something that works" means *not* changing it. It's a shame indeed, but for most people 'free' will mean 'it didn't cost me a bean'.

Re: What a waste of time @ Jeremy Allison

"That flexibility is priceless. No one cares about spending the money, it's about doing things that are simply not possible with a Windows AD controller because you Don' get the source code."

The source code thing is good in itself, but your statement about nobody caring about spendng money is, IMO, wrong. When most companies hear about Samba, the main attraction is likely to be price, and rightly so. Then they'd look (I assume, admittedly,) at whether it does what they want (most seem to just want AD, probably without understanding it fully) and whether the performance is adequate. I don't see most companies caring about being able to do things you can't do with an AD server as a consequence of it being open source because they just want an AD server, not to have their tech bods messing around adding features that aren't a requirement. For smaller companies techs are hired to keep things running - they'll wait for patches for Samba same as they would for MS, I guess. Please don't take this as a dig at you or the product, it's just my take on how potential end users are likely to approach it.

Re: What a waste of time

"AD server - install, add user + computer accounts, and it "just works" (with apologies to the Jobs-ites). Ok, I do see where if you're in a single small/home office, saving the OMG $500 on an unsupported solution might seem to stack up financially, or if you have expensive Unix gurus on tap who can get all low-level with their troubleshooting and fault-fixing."

You obviously haven't seen recent Linux server variants, or even read the article very well.

Recent Linux server variants can be installed in such a way that they are just as easy to administer as Windows servers.OK, they are different, but some are now at the level where you don't need "expensive Unix gurus on tap" any more than you need expensive Windows gurus on tap. Sure, the gurus would be able to do a better job of fine tuning the environment, but it isn't 100% necessary. Just as a Windows guru (not the normal bods most companies have in their IT depts, from what I have seen) could set up your Windows servers much better.

Once installed, you never (or at least rarely) need to touch the *nix box again. All the standard AD management tools will work straight from Windows. So management is just as easy as with Windows.

There is one other good thing about the Samba4 release, which I will be taking up with my colleagues at some point in the new year: It becomes a second supplier. I will be suggesting we install a couple of Samba4 DCs alongside our existing Windows DCs. This gives several advantages, the biggest being that if, say, an update is applied to the Windows boxes which knocks them out, the Samba boxes will provide continuity of service until the Windows boxes are back up and running. I don't think you can put a price on that in an enterprise environment. Also, if MS increased the license costs to an unaffordable level, or dropped support for the version of server we are using at a time when upgrading was not feasible, or any of a number of situations which could arise, continuity of service is maintained.

For myself, the main reason I am pleased with this is that I can set up an AD controller at home. Looking forward to the simplified administration and extra funtionality I will gain from that!

Re: What a waste of time

It is ironic indeed that it needed one of the most proprietary companies in the world to make something good out of open standards like LDAP and Kerberos. It really goes to show how important good design and forethought are in these matters. MS did a really good job of it, so good in fact that they had created a technical (and thus commercial) monopoly

Lest anyone take this at face value -- it's a moderately subtle troll. Microsoft did make a good job of... extending and/or breaking Kerberos and LDAP in a myriad of ways, some obvious, some quite esoteric. The infamous Kerberos PAC (noted as such in the Samba documentation, btw) is just one example. Why do you think that Samba 4 took so long, even with the full protocol documentation? They had to implement and integrate their own versions of Kerberos and LDAP, since using the existing (standard compliant) implementations would mean butchering them beyond recognition.

@AC 08:07GMT - Re: What a waste of time

Your own keywords here are "almost no one" and "hard for most". This still leaves some room for creativity and this was Jeremy Allison point. And I also agree with his point that with Samba 4 you are free to buy Microsoft or not and nobody should blame you for doing either of the two.

Re: What a waste of time

Well said, sir.

Da fanboiz are going mad, of course.

Whatever.

It's another me-too step, nothing to get too excited about (at least not adult Lnux users who remember 2.2 kernels and dozens of "breakthroughs" none of which has made Linux as good as people have hoped for).

At least it's cheaper than Windows... But if you're an enterprise user it's such peanuts that price is barely a factor - usually not at all.

Re: What a waste of time

Re: What a waste of time

In practise almost no one else is going to take the lid off the SAMBA source code

A very large number of things one can do with Samba don't involve taking the lid off. They just involve reading the documentation and attaching code to hooks that Samba provides, and Windows server does not. Start with the pre- and post-exec hooks on any Samba share.

It's also the nature of open source that if there is a need to attach code to some new action taken by Samba, then someone somwhere will open the hood far enough to create a hook. Also that if there's no good reason to oppose the creation of that hook (security?) then that mod will migrate into the main Samba tree quite soon thereafter.

It's the difference between a product that wants to be used and useful, and a product that wants to force you to buy more secret closed sauce (or snake-oil) at every opportunity.

@AC 15:48 GMT - Re: What a waste of time

Chill out, my friend, don't need to show us you heard about 2.2 kernel! Rest assured nobody will prevent you from buying your Microsoft proprietary licensed software. Unless of course, you do have some serious doubts about your IT organization.

only makes sense for expensive unix consultants

Given how much a good UNIX/Linux admin costs on an hourly basis, this needs to be turnkey to the point of pressing a single button to beat the cost advantage of purchasing a Windows license. Good UNIX/Linux admins can cost 2 to 3 times per hour what a Windows admin costs.

Re: only makes sense for expensive unix consultants

...or just cheaper because once the Linux box is up and running, it does not need to be rebooted monthly, does not need monthly critical vuln patching, will not break when one browser patch is applied, and you will still be able to compile it ten years from now on modern hardware?

..or cheaper because of the licensing costs that MS can, and will, adjust to compensate for their losses anywhere else?

What appears as easy click and go now can become a nightmare in the future. Oh yes, the guy with the MSCE that is clicking the mouse wil be paid less, and will be gone by tomorrow.

Re: only makes sense for expensive unix consultants

Re: only makes sense for expensive unix consultants

@AC 0721 GMT

"...or just cheaper because once the Linux box is up and running, it does not need to be rebooted monthly, does not need monthly critical vuln patching, will not break when one browser patch is applied, and you will still be able to compile it ten years from now on modern hardware?"

Hmmm, most Linux distros I see get massive quantities of updates all the time (a kernel / month?) and need rebooting very regularly as a result. No one seems quite brave enough to actually do live kernel patching yet. Also Linux distros seem to have quite short shelf lives, and once the enthusiasts have moved on one's own installation seems to go stale pretty quickly. Ubuntu call 'Long Term' two years or thereabouts. Pah!

Anyway, who cares about recompiling? No one has recompiled XP in the 13+ years it's been around.

Re: only makes sense for expensive unix consultants

"Good UNIX/Linux admins can cost 2 to 3 times per hour what a Windows admin costs."

Also, good Windows admins cost 2-3 times what a normal Windows admin costs.

You are paying for ability. Most Windows admins (in my experience) are terrible. Don't get me wrong, there are many good ones out there, but the ones who get paid as little as you are talking about... It's for a good reason.

Even putting this aside, you do not need a team of Unix admins to run Samba 4 as AD controllers full time. You need someone to set up the server, and someone (or a support contract) to support it long term. Othere than that, Windows admins could easily still be used to administer the system from day to day, because standard AD admin tools on Windows can still be used.

Re: only makes sense for expensive unix consultants

"Hmmm, most Linux distros I see get massive quantities of updates all the time (a kernel / month?) and need rebooting very regularly as a result. No one seems quite brave enough to actually do live kernel patching yet. Also Linux distros seem to have quite short shelf lives, and once the enthusiasts have moved on one's own installation seems to go stale pretty quickly"

So many factual errors here, most of them seem to come from believing those famous TCO comparison studies. Let's see if I don't leave something unanswered.

First, you say Linux distros have lots of updates. You seem to count all Linux updates, not only the ones related to Samba/Kernel. Go back and count updates only relevant to kernel/samba, and substract the kernel updates not related to the network or Samba stacks. Still more than Windows?

Second, last time I heard, Oracle has a healthy business selling Linux versions capable of live kernel updates. But that is hardly relevant, because AD is fault tolerant and redundant by design and can survive a reboot of an AD node providing you have more than one. But see previous point, you'll be rebooting less than with Windows.

Third, you're using Ubuntu as an example of a typical Linux support lifespan, the one that is more end user oriented. Last time I checked, Red Hat support lasts ten years. But again the comparison is not valid, this is not your Microsoft world, where they decide what technologies are phased out based on marketing reasons.

Also, what's your definition of "going stale"? In my book, an AD controller is an AD controller. How do you prevent your Windows AD controller to stale? By installing new multimedia codecs or a new DirectX version?

"Anyway, who cares about recompiling? No one has recompiled XP in the 13+ years it's been around."

Invalid point, no one can recompile XP, except Microsoft. And if you haven't tried lately, compiling from source has become much, much easier now than in the past thanks to modern packaging systems.